-
Suggestion
-
Resolution: Duplicate
-
None
-
None
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
By default users can change the status of an issue when they don't have permission to edit it. This is unexpected and generally unwanted behaviour. The recommended change is to add a condition to the transition that checks for Edit permission.
The problem is that when administrators create workflows from scratch they have to add the condition to every transition. A better choice would be to automatically add the condition, just as five post functions are automatically added.
A paragraph about this in some release notes saying that the default had changed would save many people much tedium and make the JIRA security model more robust.
- duplicates
-
- Closed
- is related to
-
JRASERVER-21857 Workflow Transition is visible/executable to user if the issue/user has met the condition for the workflow transition in a "Read Only" project
-
- Gathering Impact
-
- relates to
-
- Closed
-
- Closed
[JRASERVER-32601] Edit permission should also apply to workflow transitions
| Workflow | Original: JAC Suggestion Workflow [ 3053840 ] | New: JAC Suggestion Workflow 3 [ 3683370 ] |
| Status | Original: RESOLVED [ 5 ] | New: Closed [ 6 ] |
| Workflow | Original: Confluence Workflow - Public Facing v4 [ 2617748 ] | New: JAC Suggestion Workflow [ 3053840 ] |
| Workflow | Original: JIRA PM Feature Request Workflow v2 - TEMP [ 2586911 ] | New: Confluence Workflow - Public Facing v4 [ 2617748 ] |
| Status | Original: Closed [ 6 ] | New: Resolved [ 5 ] |
| Workflow | Original: JIRA Bug Workflow w Kanban v6 - TEMP [ 2362251 ] | New: JIRA PM Feature Request Workflow v2 - TEMP [ 2586911 ] |
| Workflow | Original: JIRA Bug Workflow w Kanban v6 [ 2129915 ] | New: JIRA Bug Workflow w Kanban v6 - TEMP [ 2362251 ] |
| Workflow | Original: JIRA Bug Workflow w Kanban v6 - TEMP [ 2093303 ] | New: JIRA Bug Workflow w Kanban v6 [ 2129915 ] |
| Workflow | Original: JIRA Bug Workflow w Kanban v6 [ 883709 ] | New: JIRA Bug Workflow w Kanban v6 - TEMP [ 2093303 ] |
| Description |
Original:
By default users can change the status of an issue when they don't have permission to edit it. This is unexpected and generally unwanted behaviour. The recommended change is to add a condition to the transition that checks for Edit permission.
The problem is that when administrators create workflows from scratch they have to add the condition to every transition. A better choice would be to automatically add the condition, just as five post functions are automatically added. A paragraph about this in some release notes saying that the default had changed would save many people much tedium and make the JIRA security model more robust. |
New:
{panel:bgColor=#e7f4fa} *NOTE:* This suggestion is for *JIRA Server*. Using *JIRA Cloud*? [See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-32601]. {panel} By default users can change the status of an issue when they don't have permission to edit it. This is unexpected and generally unwanted behaviour. The recommended change is to add a condition to the transition that checks for Edit permission. The problem is that when administrators create workflows from scratch they have to add the condition to every transition. A better choice would be to automatically add the condition, just as five post functions are automatically added. A paragraph about this in some release notes saying that the default had changed would save many people much tedium and make the JIRA security model more robust. |
| Link |
New:
This issue relates to |
| Labels | New: affects-cloud affects-server |